About
Publications: 76
Reads: 51,627
Citations: 1,511
Introduction
Current institution
Gary Kessler Associates
Current position
- CEO
Publications (76)
The Automatic Identification System (AIS) provides situational awareness for vessels at sea. AIS has a number of known security vulnerabilities that can lead to several types of attacks on AIS, including the ability to create ghost vessels, false warning or meteorological messages, or bogus virtual aids-to-navigation (AtoN). A number of methods,...
Digital forensic methodology deviates significantly relative to the methods of other forensic sciences for numerous practical reasons, and it has been largely influenced by factors derived from the inception and evolution of this relatively new and rapidly changing field. Digital forensics methodology was developed more by practitioners in its earl...
The study and practice of forensic science comprises many distinct areas that range from behavioral to biological to physical and to digital matters, and in each area forensic science is utilized to obtain evidence that will be admissible within the legal framework. This article focuses on inconsistencies within the accepted methodology of digital...
Best practices in digital forensics include a procedure to sanitize media on which forensic images will be stored, thus eliminating potential challenges that contamination of the evidence may occur due to data that exist on the media prior to storing forensic images. This article describes a research project to empirically evaluate the extent to wh...
The maritime transportation system is increasingly a target of cyber attacks. This paper describes a taxonomy that supports the creation of adversarial cyber models, risk mitigation, and resiliency plans as applied to the maritime industry, using the Automatic Identification System as a specific illustration of the approach. This method has already...
In this paper we introduce and describe a novel approach to adaptive image steganography which is combined with One-Time Pad encryption, and demonstrate the software which implements this methodology. Testing using the state-of-the-art steganalysis software tool StegExpose concludes the image hiding is reliably secure and undetectable using reasona...
The Message Digest 5 (MD5) hash is commonly used for integrity verification in the forensic imaging process. The ability to force MD5 hash collisions has been a reality for more than a decade, although there is a general consensus that hash collisions are of minimal impact to the practice of computer forensics. This paper describes an experiment...
Gary C. Kessler considers the issue of mobile device forensics and the relationship between digital forensics and other forensic sciences, and compares mobile device forensics to the broader field of digital forensics. Index words: Cell phone forensics, computer forensics, digital forensics, mobile device forensics
This chapter discusses generic issues surrounding local area network (LAN) security. Securing the LAN is essential to securing the Internet because LANs are where most of the attackers, victims, clients, servers, firewalls, routers, and other devices reside. Compromised LAN systems on the Internet open other nodes on that local network to attack an...
This chapter provides an overview of local area network (LAN) concepts, topologies, technologies, and design. Historically, LANs have been broadcast networks, meaning that every LAN station hears every transmission on the medium. LAN topologies have to support the broadcast nature of the network and provide full connectivity between all stations. T...
This chapter presents an overview of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. These two types of attacks seek to render target systems and networks unusable or inaccessible by saturating resources or causing catastrophic errors that halt processes or entire systems. DoS attacks on corporate networks and ISPs have re...
The Advances in Teaching and Learning Technologies Mini-track has a history at HICSS that spans more than seventeen years. Various incarnations of this mini-track have served as an outlet for researchers who investigate the collaborative aspects of teaching, ...
Homeland Security (HS) is a growing field of study in the U.S. today, generally covering risk management, terrorism studies, policy development, and other topics related to the broad field. Information security threats to both the public and private sectors are growing in intensity, frequency, and severity, and are a very real threat to the securit...
Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions....
Best practices in digital forensics demand the use of write-blockers when creating forensic images of digital media, and this has been a core tenet of computer forensics training for decades. The practice is so ingrained that the integrity of images created without a write-blocker is immediately suspect. This paper describes a research framework t...
Cellular phones and other mobile devices are increasing in their sophistication, capabilities, and ubiquity. Therefore, mobile devices contain probative information in an ever-growing range of civil and criminal investigations. This paper describes basic cell phone terminology, concepts, and technology as an introduction to the digital forensics...
Digital forensics, the branch of forensic science that focuses on the recovery and investigation of digital data, has applications in many contexts outside the courtroom, including research, policy enforcement, and intelligence gathering.
Although attack vectors on data and telecommunications infrastructures have changed in the past 40 years, attack types remain eerily similar. Perhaps the focus should be less on computers and networks and more on the threat itself.
One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was und...
Steganography is the art of covered, or hidden, writing. The purpose of steganography is covert communication—to hide the existence of a message from a third party. Knowledge of steganography is of increasing importance to individuals in the law enforcement, intelligence, and military communities. This chapter provides a high-level introduction to...
As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensic...
The increasing number of mobile devices being submitted to Digital Forensic Laboratories (DFLs) is creating a backlog that can hinder investigations and negatively impact public safety and the criminal justice system. In a military context, delays in extracting intelligence from mobile devices can negatively impact troop and civilian safety as well...
Although still a relatively new undergraduate course of study at most colleges and universities, specialized degree programs in computer forensics and digital investigations are now becoming available at the graduate level. There appear to be two divergent educational paths for graduate-level education in this field, namely, technology and manageme...
One of the most interesting aspects of Web 2.0 technologies is how they have been adapted by users in ways not anticipated by the creators of the technology. We, as digital forensic practitioners, have to evolve our methods and approaches in response ...
On the day that I sat down to start to write this review, the following e-mail came across on one of my lists: Person A and Person B write back and forth and create an email thread. Person A then forwards the email to Person C, but changes some wording in the email exchange between A & B. What is the easiest way (and is it even possible) to find ou...
This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two a...
In 2007, the Computer & Digital Forensics (C&DF), Criminal Justice (CJ), and Paralegal programs started to employ a mock trial to bring students from these three disciplines together. The event starts with a pre-planned crime scene. CJ students secure and process the crime scene, interview witnesses, and gather evidence. Digital devices are recover...
I freely admit that this book was sent to me by the publisher for the expressed purpose of my writing a review and that I know several of the chapter authors. With that disclosure out of the way, let me say that the book is well worth the review (and I get to keep my review copy).
The preface to the book cites the 2003 publication of The National S...
Digital investigators have an increasing need to examine data network logs and traffic, either as part of criminal or civil investigations or when responding to information security incidents. To truly understand the contents of the logs and the data packets, examiners need to have a good foundation in the protocols comprising the Transmission Cont...
Apple's hold on the personal computer marketplace started dwindling on August 12, 1981, the day that the IBM PC was introduced. As an Apple ][+ bigot myself, I refused to touch a PC for some years. But I was also a command line bigot, so when the first Macintosh was introduced in 1983 and hermetically sealed the operating system from users, I did n...
Computer forensics is a relatively new, but growing, field of study at the undergraduate college and university level. This paper describes some of the course design aspects of teaching computer forensics in an online environment. The learning theories and pedagogies that provide the guiding principles for course design are presented, along with sp...
Champlain College formally started an undergraduate degree program in Computer & Digital Forensics in 2003. The underlying goals were that the program be multidisciplinary, bringing together the law, computer technology, and the basics of digital investigations; would be available as an online and on-campus offering; and would have a process-orient...
Steganography is the art of covered, or hidden, writing. The purpose of steganography is covert communication, to hide the existence of a message from a third party. This paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field. It is directed at computer forensics examiners who need a practical...
The authors discuss the advantages and difficulties of Web-based online distance learning. Web-based ODL can and does work for most learners when designed with high levels of interactivity and when cost and access issues can be adequately addressed. However, Web-based ODL requires a fundamental paradigm shift in how we define concepts like educatio...
Telecommunications networks, and the Internet in particular, were unknown to people outside of the industry until just a few years ago. Today, everyone knows about the Net. But what do people actually know? And where do nontechnical audiences learn what they “know”? This article examines just a few of the ways in which the popular media (books and...
The Switched Multimegabit Data Service (SMDS) is a metropolitan area network (MAN) service currently offered by local and long distance telephone companies in the United States. The service is also growing in popularity in Europe and the Pacific Rim.
This chapter will describe the forces driving the development of SMDS, features and characteristic...
Most computer forensics experts are well-versed in basic computer hardware technology, operating systems, common software applications, and computer forensics tools. And while many have rudimentary knowledge about the Internet and simple network-lookup tools, they are not trained in the analysis of network communication protocols and the use of pac...
Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication, to hide the existence of a message from a third party. This paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field. It is directed at forensic computer examiners who need a practical unde...
Passwords are the most common form of authentication used to control access to information, ranging from the personal identification numbers we use for automatic teller machines, credit cards, telephone calling cards, and voice mail systems to the more complex alphanumeric passwords that protect access to files, computers, and network servers. Pass...
Viewed generically, anti-forensics (AF) is that set of tactics and measures taken by someone who wants to thwart the digital investigation process. This paper describes some of the many AF tools and methods, under the broad classifications of data hiding, artefact wiping, trail obfuscation, and attacks on the forensics tools themselves. The concept...
This paper describes some of the course design aspects of teaching computer forensics in an online environment. Although the focus of the paper is about online education at the undergraduate level, the basic premises are also applicable to graduate education and adult training. The paper will describe the need and rationale for the delivery of educ...